CVE-2017-1000373

MEDIUM

OpenBSD < 6.1 - Uncontrolled Resource Consumption via qsort() Recursion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-1000373. PoCs published by Qualys Corporation.

AI-analyzed exploit summary This exploit targets CVE-2017-1000373, a stack-based buffer overflow in OpenBSD's `at` command. It leverages a malicious environment variable to trigger the vulnerability during the sorting process, leading to potential remote code execution.

Description

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Qualys Corporation · clocalopenbsd

https://www.exploit-db.com/exploits/42271

View Code ZIP pw:eip

This exploit targets CVE-2017-1000373, a stack-based buffer overflow in OpenBSD's `at` command. It leverages a malicious environment variable to trigger the vulnerability during the sorting process, leading to potential remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenBSD at command (versions prior to patch)

No auth needed

Prerequisites: Access to a vulnerable OpenBSD system with the `at` command · Ability to set environment variables

MITRE ATT&CK